Curve Finance is currently digging into an exploit that hit the sDOLA market on LlamaLend.
From what they’ve figured out so far, it looks like a vulnerability tied to how the price oracle works, combined with a bunch of sDOLA floating around outside the normal collateral pools. Thankfully, the attacker’s profits were kept pretty limited.
Quick impact rundown:
• sDOLA borrowers got liquidated
• Lenders came out completely fine
• sDOLA holders at least got some partial returns
The team’s now checking if any other similar markets could be at risk and they’re actively hardening LlamaLend V2 against these kinds of donation style oracle manipulations, no matter the pool size.
Exploit’s contained now.
Some collateral risks got exposed in the process.
Security upgrades are in full swing.
CRV
0.2598
+2.97%